On Wed, Mar 11, 2009 at 4:13 PM, JC <lovecraftesque@...> wrote:
>
> Is it possibly to load into the TPM a key pair that has been created outside the TPM? Let me explain.
>
> Let's assume I create a key pair inside the TPM directly under the SRK. The TPM will return, among other things, the public key in the clear plus the private key encrypted. Now what is encrypted and how is it encrypted? The private key itself can be represented as the prime exponent, or maybe two or more primes, or maybe something else. I don't think that this can be encrypted with the SRK's public key in one go because this data is as long as the modulus itself. So, how is it done? Is this specified anywhere?
>
> The reason I am asking is because I wonder if the following could be done: Generate a key pair outside the TPM; encrypt the private key with the public SRK and then load this into the TPM, so that the TPM can carry out all the private key operations associated with this key pair. Is this allowed?
Hi JC  Absolutely, that is possible. It is what the Tspi_Key_WrapKey
function does. The only problem is that the TSS documentation is a
little unclear about how exactly you are supposed to set things up
before making this call. But it is possible.
As far as the formats, the data encrypted to the "parent" key is the
TPM_STORE_ASYMKEY structure, which includes just one of the RSA prime
factors, so it fits. It also includes the usage and migration secrets,
and a hash of the public key data for the key. By storing just one
prime, the other can be derived by the TPM by dividing into the
modulus.
Hal Finney
